Using Google dorks has become a staple tactic for attackers looking for vulnerable websites and servers. But a new do-it-yourself tool aims to make website hacking via Google dorks even easier.
According to security researcher Dancho Danchev, a new version of a popular website hacking tool has been released that offers users the ability to build “hit lists” of vulnerable sites. The tool relies on Google dorks for reconnaissance and features built-in SQL injection options as well as the ability to add custom exploits. It also includes a proxy aggregation function so that no CAPTCHA challenge is ever displayed to the attacker.
The tool’s license is tied to a hardware-based ID. One license costs $10 in Liberty Reserve currency, or $11 via Western Union transfer. The unlimited license doesn’t have a hardware-based ID restriction and costs $20 in Liberty Reserve or $20 via Western Union transfer.
“The tool works both on the desktop as a stand-alone application, but can also be integrated within popular browsers in an attempt to fool the search engines into thinking that it is legitimate traffic,” Danchev wrote on Webroot’s Threat blog. “It can also automatically detect remotely exploitable websites and exploit them entirely based on the preferences set by the malicious attacker using it.”
Search engines such as Google have been leveraged by attackers for years to find both sensitive data and vulnerable targets on the Web. In 2011, researchers at Imperva observed a botnet attack on a popular search engine conducting queries at a rate of up to 81,000 a day in the name of reconnaissance.
“Efficiently abusing hundreds of thousands of websites through search engines reconnaissance is nothing new,” Danchev blogged. “In fact, it’s been an everyday reality since the day market leading search engines started offering advanced search operators to be used.”